By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
Ransomware crime and password theft highlight a pair of cybersecurity reports.
Surge In Ransomware Victim Numbers
Researchers from Palo Alto Networks documented 3,998 posts on ransomware leak sites in 2023, compared to 2,679 in 2022 — a 49% increase. The leaked data also revealed at least 25 new ransomware groups emerged in 2023, indicating the continued attraction of ransomware as a profitable criminal activity.
Data from ransomware leak sites, sometimes known as dedicated leak sites (DLS), provide the basis for analysis, according to Palo Alto Networks. “Ransomware leak sites first appeared in 2019, when Maze ransomware began using a double extortion tactic. Stealing a victim’s files before encrypting them, Maze was the first known ransomware group to establish a leak site to coerce a victim and release stolen data,” said the report. These threat actors, the study added, pressure victims to pay – not only to decrypt their files, but to prevent the attackers from publicly exposing their sensitive data. Since 2019, ransomware groups have increasingly adopted leak sites as part of their operations.
A spike in activity occurred in July 2023, with almost 500 posts, and is somewhat correlated with CL0P, a Russian-speaking ransomware group, exploiting a zero-day vulnerability in the MOVEit MFT application. “2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services,” said the report. MOVEit and GoAnywhere MFT are managed file transfer software products. Exploits for zero-day vulnerabilities, flaws unknown to the software’s owners, drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the susceptible software.
CL0P has taken credit for exploiting the MOVEit transfer vulnerability. In June 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) estimated TA505, a group known for leveraging CL0P ransomware, compromised more than 3,000 U.S.-based organizations and approximately 8,000 victims globally. The scale of these attacks forced vulnerable organizations to shorten their response times so they could effectively counter the threat. However, the sheer volume of data from compromised websites also forced ransomware groups to adapt.
Ransomware threat actors targeted a wide range of victims with no preference for specific industries. However, the ransomware victim dispersal data revealed manufacturing as the most affected sector, accounting for 14% (almost 600) of the data leak posts. Following this were professional and legal services, high-tech, wholesale and retail, construction, healthcare, financial services (over 200 data leak posts) and education.
While ransomware attacks affected at least 120 different countries, the U.S. stood out as the primary target of ransomware: 47% of ransomware leak site posts in 2023 revealed victim organizations based in the U.S. “The U.S. presents a very attractive target, especially when examining the Forbes Global 2000, which ranks the largest companies in the world according to sales, profits, assets and market value,” the Palo Alto Networks researchers said. “In 2023, the U.S. accounted for 610 of these organizations, consisting of almost 31% of the Forbes Global 2000, indicating a high concentration of wealthy targets.”
Other significant tendencies include the use of zero-day vulnerability exploits in popular enterprise products like Citrix or VMware. “2023 presented a thriving and evolving ransomware landscape as reflected in posts from ransomware leak sites,” the researchers said in their report. “Posts from these sites indicate a notable increase in activity, and this data also reflects new ransomware groups that have appeared and existing groups that have declined. Although the landscape remains fluid, law enforcement’s growing effectiveness in combating ransomware signals a welcome change.”
Not every ransomware group uses a data leak site to name and threaten its victims publicly, but many have adopted this tactic in recent years, including the biggest groups. The report suggested ransomware is no longer just about making data inaccessible to the user through encryption, but also about exfiltrating it and threatening to release it or sell it.
“Artificial intelligence has lowered the threshold of skill required to successfully breach and exploit businesses and individuals,” Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, told Finopotamus in commenting on the report’s findings. The Netherlands-based B2B software-as-a-service (SaaS) company helps clients solve email security and deliverability problems.
He added, “The analysis also highlights the power of supply chain attacks. The reported jump in ransomware postings in July following the MOVEit zero-day vulnerability emphasizes the significant ripple effects these types of attacks can have. It’s a reminder to organizations and security professionals that cybersecurity is no longer an in-house issue, but one shared with their entire partner and supplier network.”
America’s Password Habits
A study from Forbes Advisor revealed that 46% of people have had their password hacked over the last year. The survey, conducted by OnePoll among 2,000 individuals in December 2023, offers a snapshot of current password security trends, such as widespread password reuse and the frequent need for password changes due to security breaches.
The Forbes Advisor report also found that 77% of personal information stolen emanated from social media accounts. Thirty-nine percent had first and last names compromised, closely followed by phone numbers at 38%, personal addresses at 34% and Social Security numbers at 24%.
From a financial standpoint, 25% of respondents had credit card numbers compromised and 22% had banking information accessed.
Other highlights include:
The report cited weak passwords as a primary factor in account hacks, with 35% of respondents identifying this as the cause of their security breaches. Close behind, 30% believe repeating the same password across multiple platforms compromised their accounts. Another 27% attributed their account hacking to company data breaches.
Phishing attacks, deceptive tactics used to gain sensitive information, were responsible for 21% of the breaches, tied with malware, which also accounted for 21%.
The survey data showed a high incidence of personal information theft following password hacks. Seventy-seven percent of respondents report having personal information stolen, with hackers targeting different types of data.
The survey provided insight into the password-creation behaviors of those suffering account hacking. Forty-two percent mention using a combination of words and numbers holding personal significance. Thirty-four percent base their password creation on specific requirements set by the platform or service. Thirty-two percent of respondents adopt a strategy of mixing and matching words and numbers, which can offer more security than using familiar phrases or dates alone. Only 13% employ a password generator tool.
On average, people reuse the same password for at least four accounts. Twenty-two percent of respondents are uncertain about how often they reuse passwords, showing a potential lack of attention to their password management practices. Twenty-four percent acknowledge using the same password for one to two accounts. However, 23% report using the same password across three to four different accounts, increasing the risk of multiple breaches from a single compromised password.
Over 20% report not doing anything to keep their password safe. The survey reveals diverse methods individuals employ to secure their passwords, yet a notable 22% admit to not using any specific measures for password safety.
Thirty-one percent of respondents use FaceID, reflecting a preference for biometric security measures. Twenty-nine percent use fingerprint scanning, another form of biometric security, to access their devices or accounts.
Thirty percent rely on password managers. These tools store and manage multiple complex passwords, reducing the burden of remembering different passwords and minimizing the risk of using weak or repeated passwords.
Fourteen percent use the same password for both work and personal accounts, blurring the line between professional and private digital security. This can have serious implications, especially if the password is compromised in one realm, affecting the other.